Re: [TLS] Certificate keyUsage enforcement [whose duty, client's or server's?]
Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 07 November 2018 15:44 UTC
Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5BBE130DC3 for <tls@ietfa.amsl.com>; Wed, 7 Nov 2018 07:44:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y7-Ua6zloMD0 for <tls@ietfa.amsl.com>; Wed, 7 Nov 2018 07:44:54 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EBCD71274D0 for <tls@ietf.org>; Wed, 7 Nov 2018 07:44:53 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 1EAC9706DC; Wed, 7 Nov 2018 10:44:53 -0500 (EST)
Date: Wed, 07 Nov 2018 10:44:53 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: tls@ietf.org
Message-ID: <20181107154452.GN4122@straasha.imrryr.org>
Reply-To: tls@ietf.org
References: <79CF87E7-E263-4457-865E-F7BE8251C506@dukhovni.org> <m236seg80v.fsf@localhost.localdomain> <20181107144826.207DC404C@ld9781.wdf.sap.corp>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <20181107144826.207DC404C@ld9781.wdf.sap.corp>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/C3p3Pv1a3bDDWsuNxmjAh1TUZqM>
Subject: Re: [TLS] Certificate keyUsage enforcement [whose duty, client's or server's?]
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 07 Nov 2018 15:44:56 -0000
On Wed, Nov 07, 2018 at 03:48:26PM +0100, Martin Rex wrote: > There is *ZERO* security problem associated with TLS client allowing > a TLS server to do this, but it makes it harder to catch defective > CA software and bogus CA issuing practices when clients do not complain > here The interoperability issues I'm seeing are with self-signed certificates used in opportunistic TLS and DANE in SMTP. The CA is some end-user, who "does not know any better", and the question is how pedantic should the client's TLS stack be in such a case. Perhaps the correct place to *enforce* any keyUsage requirement is in the TLS *server*, which should limit *itself* to the algorithms compatible with the certificate. That would be both more effective, and more interoperable. > -- and the TLS specification says this KeyUsage DigitalSignature > is a MUST for DHE/ECDHE key exchange: > > TLSv1.2: https://tools.ietf.org/html/rfc5246#page-49 > > DHE_RSA RSA public key; the certificate MUST allow the > ECDHE_RSA key to be used for signing (the > digitalSignature bit MUST be set if the key > usage extension is present) with the signature > scheme and hash algorithm that will be employed > in the server key exchange message. > Note: ECDHE_RSA is defined in [TLSECC]. What the RFC does not say is whose duty it is (if anyone's) to *enforce* the restriction. Perhaps clients should not be the ones to do so? -- Viktor.
- [TLS] Certificate keyUsage enforcement question (… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Geoffrey Keating
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Martin Rex
- Re: [TLS] Certificate keyUsage enforcement [whose… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… David Benjamin
- Re: [TLS] Certificate keyUsage enforcement questi… Geoffrey Keating
- Re: [TLS] Certificate keyUsage enforcement [whose… Peter Gutmann
- Re: [TLS] Certificate keyUsage enforcement [whose… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Blumenthal, Uri - 0553 - MITLL
- Re: [TLS] Certificate keyUsage enforcement questi… Peter Gutmann
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Peter Gutmann
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Yoav Nir
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Tony Putman
- Re: [TLS] Certificate keyUsage enforcement questi… Viktor Dukhovni
- Re: [TLS] Certificate keyUsage enforcement questi… Andrei Popov
- Re: [TLS] Certificate keyUsage enforcement questi… Nikos Mavrogiannopoulos